Crafting adversarial input sequences for recurrent neural networks
Top Cited Papers
- 26 December 2016
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Machine learning models are frequently used to solve complex security problems, as well as to make decisions in sensitive situations like guiding autonomous vehicles or predicting financial market behaviors. Previous efforts have shown that numerous machine learning models are vulnerable to adversarial manipulations of their inputs taking the form of adversarial samples. Such inputs are crafted by adding carefully selected perturbations to legitimate inputs so as to force the machine learning model to misbehave, for instance by outputting a wrong class if the machine learning task of interest is classification. In fact, to the best of our knowledge, all previous work on adversarial samples crafting for neural networks considered models used to solve classification tasks, most frequently in computer vision applications. In this paper, we investigate adversarial input sequences for recurrent neural networks processing sequential data. We show that the classes of algorithms introduced previously to craft adversarial samples misclassified by feed-forward neural networks can be adapted to recurrent neural networks. In a experiment, we show that adversaries can craft adversarial sequences misleading both categorical and sequential recurrent neural networks.Keywords
This publication has 10 references indexed in Scilit:
- Machine Learning in Adversarial SettingsIEEE Security & Privacy, 2016
- Distillation as a Defense to Adversarial Perturbations Against Deep Neural NetworksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- The Limitations of Deep Learning in Adversarial SettingsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Malware classification with recurrent networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Large-scale malware classification using random projections and neural networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- Multi-column deep neural network for traffic sign classificationNeural Networks, 2012
- Statistical ModelsPublished by Cambridge University Press (CUP) ,2009
- Can machine learning be secure?Published by Association for Computing Machinery (ACM) ,2006
- Long Short-Term MemoryNeural Computation, 1997
- Generalization of backpropagation with application to a recurrent gas market modelNeural Networks, 1988